On Thu, 14 Jun 2001, Lance Whitmore wrote:
> Prior to banning any accounts reported as compromised, we will
> conduct a thorough review of the accounts in question and determine
> the appropriate course of action on those accounts. Accounts will only
> be banned based on information gathered through our investigation and
> not merely as a result of external allegations.
>
From my understanding, this bit was added to avoid cases like that pointed
out by Mu, when someone may have a personal vendetta against you and may
somehow find out your account username then call up Verant and claim that
you stole their account just to have your account banned. A rudimentary
investigation would probably turn up who the original account owner was.
However, I don't think this type of investigation would protect against a
real "hack" of Verants systems. If a completely unrelated third party
were to obtain username and passwords to accounts on Verants systems, I
would think it to be difficult for the owner of a compromised account to
prove that they didn't give out any account information. It seems to have
been turned into a case of guilty until proven innocent. Although this in
no way benefits the victim (owner of compromised account), Verant is a
business and businesses are in it to make money. This probably seemed
like the most economical solution for them with little work on their end
and "should" not have negative effects on the largest portion of the user
base.
mac